As the buzz around the GDPR and its implementation begins to settle down, we’re starting to see how this regulation is changing the way business respond to breaches. One of the first victims of a major data breach since the GDPR‘s implementation this May was Typeform, a company based in Spain. Typeform is a data collection company with customers including Adobe, Airbnb, Apple, BBC, Facebook, Forbes, HubSpot, Indiegogo, and Uber, among many others.

What happened?

Typeform noticed on June 27 that an unknown third party gained full access to their backed-up data and downloaded information that included user data. This backup included everything Typeform collected up until May 3rd.

How did Typeform react?

Immediately after learning about the breach, Typeform performed a forensic investigation. They also fixed the security vulnerability to prevent the same incident from reoccurring. After ensuring security measures were in place and the breach was contained, the company contacted the affected customers to inform them that their sensitive data was compromised.

The GDPR’s influence

As a Spanish company, Typeform is required to comply with the stringent GDPR. The following are some of the significant measures that Typeform took post detection of the data breach:

It ensured that all the loopholes used by the hackers were immediately secured.

It informed all affected customers personally through emails.

It announced the breach and put the announcement on its official blog.

Most of Typeform’s clients are businesses that used Typeform’s product to collect customer data. Meaning the actual breached data belongs to the customers of individual businesses using Typeform. This has created a chain reaction of emails about the data breach, as Typeform’s customers also needed to notify their customers. However, Typeform should be commended for its swift and efficient handling of the breach situation, as required by the GDPR.